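# Self-service account management: sign-up, plus editing and deleting the
# account whose id is stored in session[:autentikoitu].
class UsersController < ApplicationController
  # NOTE(review): this skips the inherited :authorize filter for every action,
  # not only sign-up. :authorize is defined outside this file, so the line is
  # left untouched; confirm whether it should be narrowed to
  # :only => [:new, :create].
  skip_before_filter :authorize

  # edit/update/destroy operate on the account named by the session, so they
  # must not run for a visitor with no (or a stale) session user id.
  before_filter :require_signed_in_user, :only => [:edit, :update, :destroy]

  # Renders the sign-up form with a blank user.
  def new
    @user = User.new
  end

  # Renders the edit form; @user is loaded by require_signed_in_user.
  def edit
  end

  # Creates a non-admin account from params[:user] and signs it in.
  # Redirects to root_url in every case, with a flash describing the outcome.
  def create
    # A request without a user hash is treated as an empty submission instead
    # of failing with NoMethodError on nil.
    attrs = params[:user] || {}

    # NOTE(review): this check-then-insert is not atomic; two concurrent
    # sign-ups can both pass it. A uniqueness constraint on the name column
    # is needed to close that gap; confirm one exists.
    if User.find_by_name(attrs[:name])
      flash[:error] = "User already exists."
      redirect_to root_url
      return
    end

    # NOTE(review): the whole client-supplied hash is mass-assigned. Only
    # :admin is reset below; any other assignable attribute of User can be
    # set by the request. Confirm the model restricts this (attr_accessible)
    # or pass an explicit whitelist of fields here.
    u = User.new(attrs)
    u.admin = false

    if u.save
      # Sign in only after the record exists; a failed save has no id and
      # must not leave a nil "authenticated" marker in the session.
      # NOTE(review): consider reset_session before this assignment so the
      # pre-login session id is not carried over (session fixation).
      session[:autentikoitu] = u.id
      flash[:success] = "Account created!"
    else
      flash[:error] = "Account not created."
    end
    redirect_to root_url
  end

  # Deletes the signed-in user's account and clears the session.
  def destroy
    @user.destroy
    reset_session
    redirect_to root_url
  end

  # Updates the signed-in user's password and student number from
  # params[:user], then redirects to root_url.
  def update
    attrs = params[:user] || {}

    # NOTE(review): the password is replaced without asking for the current
    # one, so anyone holding the session can change it. Consider requiring
    # the existing password here.
    @user.password = attrs[:password]
    @user.studentnumber = attrs[:studentnumber]

    # Report success only when the record was actually persisted.
    if @user.save
      flash[:success] = "Muokkaus onnistui!"
    else
      flash[:error] = "Muokkaus ei onnistunut."
    end
    redirect_to root_url
  end

  private

  # Loads the account referenced by the session into @user. When the session
  # holds no id, or the id no longer matches a row, the stale marker is
  # dropped and the request is redirected instead of raising RecordNotFound.
  def require_signed_in_user
    @user = User.find_by_id(session[:autentikoitu])
    return if @user

    session[:autentikoitu] = nil
    flash[:error] = "Please sign in first."
    redirect_to root_url
  end
end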
